Sonatype Blog: Latest Posts

New Java Malware Exploits Both Windows and Mac Users

April 24, Threatpost – (International) New Java malware exploits both Windows and Mac users. Symantec discovered a new form of Java malware that infects Apple and Windows machines. The company’s research describes a strain of Java Applet malware that drops either Python-based malware on Mac operating systems or an executable form of malware on Windows computers. If opened, both forms could launch a trojan that could trigger a backdoor on the computer, regardless of the platform. The applet exploits the Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability (CVE-2012-0507) to download the malware. The post said the Mac trojan can currently only control polling times, or “how many times it gets commands from the server at certain time intervals.” If enabled, however, the trojan can also download files, list files and folders, open a remote shell, sleep, or upload files. The trojan for Windows can send information about the infected computer and disk, its memory usage, OS version and user name, in addition to downloading and executing files and opening shells to receive commands. The news of this malware comes after the discovery of Flashback and SabPub, two forms of malware that targeted Mac users throughout the first quarter of 2012 via another vulnerability in Java. The vulnerability CVE-2012-0507 — an older Java flaw recently blocked by Mozilla’s Firefox — was used by some Flashback variants earlier in April, before being patched by Apple.